Tag Archives: Cloud Computing

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

House Members Reintroduce Email Privacy Act

On January 9, 2017, Representatives Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) reintroduced the Email Privacy Act.  According to Rep. Yoder’s spokesman, the text of the bill is similar to the version the House of Representatives unanimously approved last April, but which did not pass the Senate.  As we previously reported, the proposed changes would … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

House Unanimously Passes Email Privacy Act

On April 27, the House of Representative unanimously passed the Email Privacy Act.  As previously reported, the proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant. However, while there is widespread support to require warrants … Continue Reading

Digital Single Market – New Initiatives for Cloud Computing and Internet of Things

By Vera Coughlan, Monika Kuschewsky and Kristof Van Quathem Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here.  The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things … Continue Reading

House Judiciary Committee Approves Email Privacy Act

In a unanimous vote, the House Judiciary Committee approved the Email Privacy Act, a long-awaited update to the 30-year-old Electronic Communications Privacy Act (ECPA).  The proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant.  The … Continue Reading

Report Questions Use of “Going Dark” to Describe Encryption Trends

A report released yesterday by the Berkman Center for Internet & Society at Harvard University addresses the recent debate over the use of encryption in communications technologies and its impact on government access to communication data.  The report focuses on the U.S. government’s use of the “going dark” metaphor to describe recent decisions by several … Continue Reading

Data Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration

In May 2015, reports about the German government’s plans to establish federal German cloud infrastructure (the “Bundes-Cloud”) raised concerns about the possible introduction of data localization requirements (preventing the storage and processing of data outside Germany).  The criteria for the use of cloud services by Germany’s federal administration, which have recently been published, now give … Continue Reading

ISO’s New Cloud Privacy Standard

This summer, the International Standards Organization (ISO) adopted a new voluntary standard governing the processing of personal data in the cloud — ISO 27018.  Although this recent development has gone mostly unnoticed by the technology and media press to date, the new cloud standard provides a useful privacy compliance framework for cloud services providers that … Continue Reading

PCI Council Releases PCI-DSS Cloud Computing Guidelines

On February 7, 2013, the Payment Card Industry (PCI) council released a supplement to the payment card industry data security standards (PCI-DSS) on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.  The supplement is intended for merchants, service providers, assessors, and other entities in evaluating the use of cloud … Continue Reading

Rep. Lofgren Introduces Legislation to Update ECPA

Last Friday, Rep. Zoe Lofgren (D-CA) introduced the ECPA 2.0 Act, H.R. 6529, which would strengthen the legal standards for law enforcement to gain access to electronic communications and location information.  The Electronic Communications Privacy Act (ECPA) is more than 25 years old and is widely seen as needing modernization to address changes in digital … Continue Reading

FFIEC Issues Risk Management Guidance for Cloud Computing

On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing.  The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’”  The guidance also … Continue Reading

Article 29 Working Party Publishes an Opinion on Cloud Computing

On July 1st, 2012, the Article 29 Working Party (WP29), a group consisting of data protection authorities of all EU Member States, adopted a long-awaited opinion on cloud computing.  While acknowledging the advantages of cloud computing, the opinion sets out a number of data protection issues that may arise from the wide-scale deployment of cloud … Continue Reading

NIST Issues Guidelines on Public Cloud Security, Privacy

The U.S. Department of Commerce’s National Institute of Standards and Technology on Tuesday released a final version of its guidelines for how organizations — particularly federal agencies — should manage security and privacy concerns when considering the use of public cloud-computing services. Public cloud services, unlike private clouds, require users to store their data on … Continue Reading

Planned Virtualized ATMs Highlight Potential Security Benefits of Cloud

Companies considering moving to the cloud sometimes are cautioned that heightened data security risks pose a potential drawback to cloud computing.  And it is certainly correct that before making a decision about whether and how to adopt cloud-based computing, companies should carefully consider the security practices of potential cloud service providers or build security into … Continue Reading

NIST Releases Draft Roadmap for the U.S. Government’s Implementation of Cloud Technology

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies.  The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and facilitate … Continue Reading

Privacy and Security Requirements for Handling Government Records Under Scrutiny

Government agencies maintain large quantities of information about individuals, covering everything from physical description to the person’s family life, property, political activity, employment history, criminal records, and health condition.  In a light of a recent finding that reports of information-security incidents at federal agencies have increased more than 650 percent over the past five years, … Continue Reading

The Swedish DPA Issues Guidelines on the Provision and Use of Cloud Services

Recently, the Swedish Data Protection Authority (“DPA”) published a review of the use of cloud services, informed by the practices of three Swedish municipalities’ use of services from leading cloud providers.  Based on the study, the DPA has published guidelines (currently only available in Swedish) that clarify the requirements of Swedish data protection law with … Continue Reading

USA PATRIOT Act and the Use of Cloud Services

By David Fagan and Alex Berengaut Enterprises must consider a range of benefits and costs as they evaluate migrating their IT functions and data to cloud-based computing services, including the impact of the cloud services on the security and privacy of their data.  In this regard, one of the principal privacy-based concerns raised in connection … Continue Reading

Cloud Outages Highlight Contractual Risk

By Christine Enemark To some customers of computing storage, processing and online services, the “cloud” seems no different from the traditional information technology services they have used for years.  Amazon’s cloud computing outage last week, and the associated downtime and data loss suffered by a number of Internet web sites, highlights how public cloud computing … Continue Reading

Observations from Cloud Discussions

I’ve recently had the opportunity to participate in or moderate several panels on cloud computing, addressing issues such as governance, security, privacy, and legal liability.   One issue that frequently comes up is whether cloud computing is really new or different.  That depends on how you look at it.  As a legal matter, the model itself … Continue Reading

Epsilon Data Breach Highlights Security Challenges in the Cloud

Email marketing company Epsilon announced last week that its databases had been hacked, compromising customer names and e-mail addresses for a number of major companies that outsource their marketing communications to Epsilon. The Epsilon data breach illustrates some of the security challenges when dealing with cloud computing environments.  Although there are security risks associated with … Continue Reading
LexBlog